...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| ISO/IEC TR 24772 | Privilege Sandbox Issues [XYO] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 (MITRE CWE) | CWE-250, Execution with unnecessary privileges; CWE-273, Failure to check whether privileges were dropped successfully | 2017-07-07: CERT: Exact |
Bibliography
| [Chen 2002] | "Setuid Demystified" |
| [Dowd 2006] | Chapter 9, "Unix I: Privileges and Files" |
| [Open Group 2004] | setuid(), getuid(), seteuid() |
| [Tsafrir 2008] | "The Murky Issue of Changing Process Identity: Revising 'Setuid Demystified'" |
| [Wheeler 2003] | Section 7.4, "Minimize Privileges" |
...